Advanced Web Security for Shared Hosting

Automate malware detection and eliminate manual cleanup tasks—so your team can focus on client growth instead of incident response.

Multi-Engine Malware Detection

Built specifically for shared hosting environments, Sentinel targets the web application threats that traditional antivirus misses: PHP shells, JavaScript injectors, base64-encoded backdoors, and IRC bots. Multi-layered detection catches sophisticated malware instantly—protecting client sites without slowing down server performance.

  • MD5 file hash matching for instant, exact threat identification
  • HEX pattern matching via native parallel grep engine for rapid variant detection
  • Compound signature scanning with multi-pattern boolean logic (AND/OR/threshold) and wide UTF-16LE support
  • Native YARA rule scanning with full module support and custom rule capability
  • Statistical string-length analysis automatically detects obfuscated threats like base64 and gzinflate encoding
  • Network Edge IPS integration extracts live malware from active attacks to generate real-time signatures
  • Community threat aggregation pulls data from clean-mx, malwaredomainlist, and user submissions for comprehensive coverage

ClamAV Dual-Engine Coverage

Combine LMDs web application focus with ClamAVs enterprise virus detection. Automatic signature linking provides dual-engine coverage against trojans, ransomware, and PHP-based malware—maximizing detection rates without requiring separate security products.

  • Advanced database updater with scripted updates and digital signature verification
  • Multiple daily signature updates keep protection current against zero-day threats
  • Deep archive inspection across Zip, RAR, Tar, Gzip, OLE2, Cabinet, CHM, and 10+ formats
  • Detects packed executables (UPX, FSG, Petite) and obfuscated files designed to evade standard scanners

Secure Quarantine & Restoration

Contain threats safely with zero-permission storage that prevents reinfection. Batch quarantine operations and one-click restoration return files to their original path, owner, and permissions—saving hours of manual recovery work.

  • Zero-permission quarantine storage eliminates risk of accidental execution or reinfection
  • Batch quarantine processing handles entire scan results instantly without manual selection
  • Full restoration preserves original file content, ownership, permissions, and modification timestamps
  • Browser-based management enables viewing, editing, downloading, or restoring files without SSH access

Automated Malware Cleaning

Remove injected malware strings automatically without replacing entire files. Signature-specific cleaner rules target base64 and gzinflate injections, then re-scan to verify success—eliminating hours of manual code editing per incident.

  • Automated removal of malicious injected strings while preserving legitimate application code
  • Batch cleaning processes historical scan reports to remediate past infections at scale
  • Specialized rules decode and strip base64/gzinflate payloads commonly used in web shell injections
  • Automatic post-clean verification ensures threats are fully removed before files return to production

Real-Time Monitoring & Upload Protection

Stop malware before it executes. Kernel-based inotify monitoring scans file changes instantly with minimal CPU impact, while ModSecurity2 integration intercepts malicious uploads at the HTTP layer—providing proactive defense without degrading server performance.

  • Kernel inotify monitoring catches create/modify/move events instantly across entire vhost trees
  • HTTP upload scanning via ModSecurity2 inspectFile hook blocks malicious files before they reach the disk
  • Dynamic sysctl limits optimize performance based on server load and file system activity
  • Background scanning mode enables unattended large-scale operations without interrupting live services

Continuous Threat Intelligence

Stay ahead of emerging threats with automated daily signature updates. Sentinel pulls intelligence from network edge IPS, community databases, ClamAV, and user submissions—ensuring your server blocks active in-the-wild attacks without manual maintenance.

  • Automatic daily updates via cron ensure protection stays current against zero-day threats
  • Manual update capability via interface or CLI for immediate response to critical outbreaks
  • RSS and XML threat feeds enable external integration with security dashboards or SIEM systems

Precision Filtering & False Positive Control

Eliminate false positives that disrupt client websites and generate unnecessary support tickets. Granular ignore options let you exclude specific paths, extensions, or signatures—maintaining strict security without impacting legitimate business applications.

  • Path-based exclusions protect critical application directories from unnecessary scanning
  • File extension filtering skips non-executable assets to conserve scanning resources
  • Signature whitelisting prevents known false positives from triggering alerts
  • Regular expression support enables complex inclusion/exclusion patterns for custom workflows

On-Demand Security Audits

Scan any domain or directory in seconds with automated threat handling. Choose to quarantine, clean, or generate client-ready reports instantly—transforming security investigations from multi-hour processes into single-click operations.

  • One-click domain scanning with automatic quarantine execution when enabled
  • Scan-recent mode targets only newly added/modified files for rapid incident triage
  • Regex-based file filtering focuses scans on high-risk directories while skipping safe assets
  • Integrated ClamAV and LMD engines run simultaneously for maximum detection coverage per scan

Multi-Channel Alerting & Reporting

Never miss a security event. Instant notifications via email, Slack, Telegram, or Discord ensure your team responds immediately. Color-coded scan reports and customizable templates streamline incident documentation and client communication.

  • HTML and text email alerts with professional card-based design for clear threat visualization
  • Slack Block Kit, Telegram MarkdownV2, and Discord embed support for real-time team notifications
  • SMTP relay with TLS/SSL encryption ensures reliable delivery in environments without local MTAs
  • Customizable alert templates via overrides enable branded, company-specific reporting formats
  • Color-coded per-file hit details and threat type indicators accelerate triage decision-making

Resource Optimization

Deploy and maintain security without impacting production performance. Built-in CPU/IO controls, automatic panel detection, and systemd integration ensure scans run efficiently in the background—saving infrastructure costs and administrative overhead.

  • CPU and IO resource controls (nice, ionice, cpulimit) prevent security scans from degrading live services
  • Automatic detection of Plesk hosting control panel eliminates manual configuration during deployment
  • systemd service units and SysV init scripts ensure reliable startup and process management
  • Automatic ClamAV signature linking provides seamless dual-engine coverage without manual setup

Domain Reputation & Blacklist Monitoring

Protect SEO rankings and client revenue by detecting blacklists before they impact traffic. Automated checks via Google Safe Browsing API provide instant visibility into domain reputation—enabling rapid remediation that preserves search visibility and trust.

  • Scheduled nightly, weekly, or monthly blacklist checks with automated email notifications
  • Detailed threat type and platform identification from Google Web Risk API for precise remediation
  • Complete historical tracking shows exactly when compromises occurred to support incident investigations
  • Configurable alert routing enables targeted notifications for administrators, resellers, or end clients